Re: session timeout

Tue, 21 Dec 2004 10:56:56 -0800 

Hi Neale,

Thanks for the reply. However, storing "user_id" cannot differentiate
session timeout and user requesting a secured page without logging in. In
the case when an user requests a secured page before logging in (say, he
booked mark the URL of a secured page), the "user_id" also doesn't exist in
the session.

Thanks for Johan Hahn's suggestion, I've solved my problem by using her
solution.

Regards,

Ming Li

On Tue, 21 Dec 2004 03:46:22 -0700, Neale Rudd
<[EMAIL PROTECTED]> wrote:

>Hi Ming Li,
>
>An easy solution is to store something like "user_id" into the session,
>always get the session with request.getSession(true); and then check if
>getAttribute("user_id") is null.
>
>If the session has been invalidated, you will get a new session which won't
>have the user_id.
>
>If the session is valid, it will have the user_id.
>
>On logout, remove this attribute, and then whether the session is valid, or
>invalid, it won't have a user_id, so you can assume they are not logged in.
>
>Hope that helps,
>Neale Rudd
>metawerx java hosting
>http://www.metawerx.net
>
>On Fri, 10 Dec 2004 14:32:39 -0700, Ming Li <[EMAIL PROTECTED]> wrote:
>
>>Thanks for the reply, Wei Cheng. Your solution works fine when the user's
>>session has already been created. But if a user requests a secured web
page
>>immediately after his/her Web viewer is started, at that moment the user
>>session has not been created yet, in this case, the authentication filter
>>will capture the user's attempt and redirect the user to the timeout page,
>>instead of the login page...
>>
>
>___________________________________________________________________________
>To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
>of the message "signoff SERVLET-INTEREST".
>
>Archives: http://archives.java.sun.com/archives/servlet-interest.html
>Resources: http://java.sun.com/products/servlet/external-resources.html
>LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to